[Snyk] Fix for 2 vulnerabilities

[m-ajay]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/packages/superset-ui-core/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: d3-interpolate

The new version differs by 28 commits.

• 38346a4 3.0.0
• 47f9564 Adopt type=module ([Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 #93)
• e8cddfd Update README.
• df0475a v2.0.1
• 0ef66dc Merge pull request [Snyk] Security upgrade deck.gl from 8.5.2 to 8.8.18 #88 from d3/two
• 1d48123 v2.0.0-rc.1
• 2db2773 avoid CIRCULAR_DEPENDENCY warning
• 17d8bcb Merge pull request [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 #90 from d3/piecewise-default-interpolator-80
• 0c80cbc piecewise(values) defaults to d3.interpolate
• 57e87dc deliberate ES6 syntax
• 2b9596c version numbers
• 77b7f74 Merge branch 'zoom-rho' into two
• 4b1156f Merge branch 'DOMMatrix' into two
• 1954d05 zoomInterpolate.rho() has no getter
• b1074db Merge branch 'master' of https://github.com/d3/d3-interpolate
• a044425 url for "Gamma error in picture scaling"
• 794ce05 document interpolateZoom.rho
• 8b3594e unit tests
• aa991e4 rho getter
• a4dd859 the movement’s duration should not explode for small curvatures, and should be longer when the curvature is important
• 098c2ed avoid crashing on low curvatures (rho=1e-3 gives a good approximation of a linear transform)
• abfc0ae Merge branch 'master' into zoom-rho
• 6c8db19 disable eslint error on undefined DOMMatrix and WebKitCSSMatrix
• 975936b Merge branch 'master' into DOMMatrix

See the full diff

Package name: d3-scale

The new version differs by 3 commits.

• f7cb35b 4.0.0
• 120ad7a adopt InternMap for ordinal scales ([Snyk] Fix for 41 vulnerabilities #237)
• ac30873 Adopt type=module ([Snyk] Fix for 4 vulnerabilities #246)

See the full diff

Package name: react-markdown

The new version differs by 18 commits.

• 45b9977 5.0.0
• eeea3c2 Update `changelog.md`
• 5d6c9f1 Refactor scripts
• d29478f Add type tests
• 4f5dbe2 Add note
• 7a5e3a1 Add `allowDangerousHtml`, preferred over `escapeHtml`
• 2675ae2 Remove docs on `source`
• 34b0883 Change default branch to `main`
• 22a5e49 Refactor and test for 100% coverage
• b3aa6e0 Rewrite readme for unified, more examples
• a9f163d Move demo to `website` branch
• 4f1a407 Change to clean project, update, refactor scripts
• ebebf51 Upgrade remark to version 8, unified to version 9
• e400f6f Upgrade to remark-parse@6
• 3260f57 Run tests on node 12
• 6eff8d1 Pass AST node to all non-tag/non-fragment renderers as prop
• ca25be1 Fix link to demo in readme
• 9b4eb84 Updated remark-parse github link (Fixing issue #444 color function chokes on non-string param apache/superset#447)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)